An adaptive cryptographic engine for internet protocol security architectures
01 Jul 2004-ACM Transactions on Design Automation of Electronic Systems (ACM)-Vol. 9, Iss: 3, pp 333-353
TL;DR: A diverse set of private-key cryptographic algorithms is utilized to demonstrate the applicability of the proposed cryptographic engine, an FPGA-based Adaptive Cryptographic Engine for IPSec architectures that can adapt to diverse security parameters on the fly while providing superior performance compared with software-based solutions.
Abstract: Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This article proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based solutions. In this paper, we focus on performance issues. A diverse set of private-key cryptographic algorithms is utilized to demonstrate the applicability of the proposed cryptographic engine. The time performance metrics are throughput and key-setup latency. The latency metric is the most important measure for IPSec where a small amount of data is processed per key and key context switching occurs repeatedly. We are not aware of any published results that include extensive key-setup latency results.
Citations
More filters
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.
2,188 citations
Book•
19 Nov 2010
TL;DR: The introduction and the conclusion are the main chapters of the book, which provide a very strong theoretical and practical background to the field of reconfigurable computing, from the early Estrins machine to the very modern architecture like coarse-grained reconfigured device and the embedded logic devices.
Abstract: Introduction to Reconfigurable Computing provides a comprehensive study of the field Reconfigurable Computing. It provides an entry point to the novice willing to move in the research field reconfigurable computing, FPGA and system on programmable chip design. The book can also be used as teaching reference for a graduate course in computer engineering, or as reference to advance electrical and computer engineers. It provides a very strong theoretical and practical background to the field of reconfigurable computing, from the early Estrins machine to the very modern architecture like coarse-grained reconfigurable device and the embedded logic devices. Apart from the introduction and the conclusion, the main chapters of the book are Architecture of reconfigurable systems, Design and implementation, High-Level Synthesis for Reconfigurable Devices, Temporal placement, On-line and Dynamic Interconnection, Designing a reconfigurable application on Xilinx Virtex FPGA, System on programmable chip, Applications.
190 citations
Cites background or methods from "An adaptive cryptographic engine fo..."
...The main difference with the architecture presented in [61] is the use of partial reconfiguration, which allows for an integration of all components on a...
[...]
...In the architecture presented in [61] [178], the whole device must be reset on reconfiguration, thus increasing the power consumption because of the amount of the data that must be downloaded on a chip....
[...]
...The general architecture of an adaptive cryptographic engine proposed by Prasanna and Dandalis [61] [178] basically consists of a database to hold the different configuration that can be downloaded at run-time onto the device, like an FPGA for instance, to perform the computation and a configuration controller to perform the reconfiguration, i....
[...]
TL;DR: It is emphasized that reconfigurable hardware is not just a technology for hardware accelerators dedicated to security primitives as has been focused on by most studies but a real solution to provide high-security and high-performance for a system.
Abstract: Embedded systems present significant security challenges due to their limited resources and power constraints. This paper focuses on the issues of building secure embedded systems on reconfigurable hardware and proposes a security architecture for embedded systems (SAFES). SAFES leverages the capabilities of reconfigurable hardware to provide efficient and flexible architectural support for security standards and defenses against a range of hardware attacks. The SAFES architecture is based on three main ideas: (1) reconfigurable security primitives; (2) reconfigurable hardware monitors; and (3) a hierarchy of security controllers at the primitive, system and executive level. Results are presented for reconfigurable AES and RC6 security primitives and highlight the value of such an architecture. This paper also emphasizes that reconfigurable hardware is not just a technology for hardware accelerators dedicated to security primitives as has been focused on by most studies but a real solution to provide high-security and high-performance for a system.
82 citations
Additional excerpts
...Several works have been published using such a solution [8], [15], [ 16 ]....
[...]
TL;DR: This work proposes a technique based on optimized implementation of AES on FPGA by making efficient resource usage of the target device, which has 32% higher frequency, while consuming 2.63 more slice LUTs, 8.33 less slice registers, and 12.59 less LUT-FF pairs.
45 citations
TL;DR: In this work, a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used-and those expected to be used in the near future-hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256,SHA-384, SHA -512, and so forth.
Abstract: Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec, and VPNs utilize hash functions, which form a special family of cryptographic algorithms. Applications that use these security schemes are becoming very popular as time goes by and this means that some of these applications call for higher throughput either due to their rapid acceptance by the market or due to their nature. In this work, a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used-and those expected to be used in the near future-hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256, SHA-384, SHA-512, and so forth. In the proposed methodology, five different techniques have been developed and combined with the finest way so as to achieve the maximum performance. Compared to conventional pipelined implementations of hash functions (in FPGAs), the proposed methodology can lead even to a 160 percent throughput increase.
35 citations
References
More filters
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.
2,188 citations
01 Jan 1998
TL;DR: A new block cipher is proposed that uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables it to be more secure than three-key triple-DES.
Abstract: We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is as fast as DES on the market leading Intel Pentium/MMX platforms (and at least as fast on many others); yet we believe it to be more secure than three-key triple-DES.
433 citations
01 Jan 1998
TL;DR: The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory.
Abstract: Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 chosen plaintexts and 2 effort.
403 citations
TL;DR: This tutorial surveys commercially available, high-capacity field-programmable devices and describes the three main categories of FPDs: simple and complex programmable logic devices, and field- programmable gate arrays.
Abstract: This tutorial surveys commercially available, high-capacity field-programmable devices. The authors describe the three main categories of FPDs: simple and complex programmable logic devices, and field-programmable gate arrays. They then give architectural details of the most important chips and example applications of each type of device.
382 citations
01 Jul 1993
TL;DR: A survey of field-programmable gate array (FPGA) architectures and the programming technologies used to customize them is presented and a classification of logic blocks based on their granularity is proposed, and several logic blocks used in commercially available FPGAs are described.
Abstract: A survey of field-programmable gate array (FPGA) architectures and the programming technologies used to customize them is presented. Programming technologies are compared on the basis of their volatility, size parasitic capacitance, resistance, and process technology complexity. FPGA architectures are divided into two constituents: logic block architectures and routing architectures. A classification of logic blocks based on their granularity is proposed, and several logic blocks used in commercially available FPGAs are described. A brief review of recent results on the effect of logic block granularity on logic density and performance of an FPGA is then presented. Several commercial routing architectures are described in the context of a general routing architecture model. Finally, recent results on the tradeoff between the flexibility of an FPGA routing architecture, its routability, and its density are reviewed. >
362 citations